Your safety
is our priority
Reading the card with the phone, entering the PIN code on the screen - all this must be completely secured. By managing the app's protection from data mining, Pin on Glass technology and other security features, we can offer you a completely secure solution for accepting payments on your mobile device.
Certified by associations
The application is fully certified and complies with the mandates of the Visa and Mastercard card associations. We have passed all the prescribed checks and certifications. We also work closely with both card associations.
PCI DSS (CPoC)
The application is successfully certified under the CPoC standard by PCI DSS and thus meets the highest standards prescribed by this association. We are preparing for MPoC.
Independently audited
Although we have successfully passed all certifications, we care about maximum safety. That's why we also use reputable companies focused on security audits of payment solutions, such as SGS/Brightsight.
What do we do for solution security?
The entire payment process is encrypted and we use the highest version of the TLS 1.2 cryptographic protocol.We use the DUKPT mechanism to encrypt the PIN code, which completely eliminates the possibility of obtaining the PIN code in its full form. In the application it is not even possible to influence in any way to which account the money from the payments will be credited - therefore there is no possibility of abuse.
Frequently asked questions
Is the terminal solution on your mobile safe?
If it were not safe, card associations would never allow us to accept bank cards through this solution. However, since we have successfully passed all security certifications and tests, we can confirm that the terminal in the mobile is at least as secure as classic payment terminals.
What if I lose my phone?
Nothing happens, just contact us and we will block the device immediately. If your phone doesn't come back to you, just get a new one and sign in to the app again. We'll then associate your new phone with your account.
Why can't GP tom be used on older devices?
The reason for this is safety. Google has been releasing security patches and fixes for the Android operating system since version 8 and higher – ensuring that potential risks are addressed and patched by Google. Thanks to this, it is possible to ensure that safety is always at the required level. Card associations require version 8 as the minimum version.
Can sensitive data be misused?
He can't. The security part of the card processing is separated from the rest of the application, so the application itself does not store sensitive card data in any way. Similarly, the PIN code is processed by a separate part that encrypts it with a DUKPT mechanism that will not allow card data to be extracted from the data or communication. This technology has been used in the payment world for several years and its security has been confirmed.
What if someone records me entering the PIN code?
This is not possible. The app checks running apps in the background before calling up the keyboard pin and won't allow screen recording. At the same time, the on-screen keyboard changes its position, so it is not even possible to get a pin code, for example, by fingerprints.